A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Se encontró un fallo en la API REST de Keycloak anterior a la versión 8.0.0, donde se permitiría el acceso del usuario desde un dominio en el que el usuario no fue configurado. Un atacante autenticado con conocimiento de un id de usuario podría usar este fallo para acceder a información no autorizada o llevar a cabo futuros ataques.
A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.